Back end of payment system associated with financial transactions using card readers coupled to mobile devices

ABSTRACT

A method of reconstructing a packet that includes financial card information from a mobile device uses a card reader. The card reader has a read head, a slot for swiping a magnetic stripe of a card and device electronics that includes a microcontroller with logic resources with code. The card reader has a unique identifier and associated cryptographic key. The same code is used to produce an encrypted and signed signal. The encrypted and signed signal, that includes the card reader identifier, is sent to the mobile device. The mobile device sends an encrypted and signed packet to a back end of a payment system. A cryptographic key is sued to decrypt and verify the contents of the packet at the back end. Non-encrypted financial card information is sent to a payment gateway.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation-in-part of U.S. Ser. No. 13/192,147 filed Jul. 27, 2011, which application is a divisional of U.S. Ser. No. 13/179,836, filed Jul. 11, 2011, which application is a continuation-in-part of U.S. Ser. No. 12/707,228, which is a continuation of U.S. Ser. No. 12/050,752 filed Mar. 18, 2008, which is a continuation of U.S. Ser. No. 10/355,557 filed Jan. 31, 2003, which claims the benefit of U.S. 60/355,667 filed Feb. 5, 2002, U.S. 60,356,861 filed Feb. 12, 2002, and U.S. 60,361,646 filed Mar. 4, 2002. Said Ser. No. 12/707,228 is also a continuation-in-part of U.S. Ser. No. 12/903,753, U.S. Ser. No. 12/903,823, both filed Oct. 13, 2010, U.S. Ser. No. 12/985,822 and U.S. Ser. No. 12/895,982, both filed January, 2011, U.S. Ser. No. 13/010,796, filed Jan. 21, 2011 and U.S. Ser. No. 13/012,495, filed Jan. 24, 2011.

This application is related to U.S. Ser. No. 12/456,134, filed Jun. 10, 2009, and is hereby incorporated herein by reference.

All of the above-identified applications are fully incorporated by reference.

BACKGROUND

1. Field of the Invention

The present invention relates generally to methods using card readers configured to be coupled to mobile devices to conduct financial transactions using payment systems, and more particularly to methods using efficient back ends of payment systems associated with financial transactions using card readers coupled to mobile devices.

2. Description of the Related Art

Plastic cards having a magnetic stripe embedded on one side of the card are prevalent in everyday commerce. These cards are used in various transactions such as to pay for purchases by using a credit card, a debit card, or a gasoline charge card. A charge card or a debit card may also be used to transact business with a bank through use of an automated teller machine (ATM). The magnetic stripe card is capable of storing data by modifying the magnetism of magnetic particles embedded in the stripe. The data stored on the magnetic stripe may be sensed or read by swiping the stripe past a read head. The analog waveform obtained by sensing the magnetic stripe must undergo a process known as decoding to obtain the digital information stored in the magnetic stripe of the card.

Currently, there are hundreds of magnetic stripe readers/swipers on the market, all of them are at least as long as the credit card itself. These existing readers/swipers can be classified as either platform card readers or plunge card readers. Platform card readers are traditional card swipers with single rails, which allow a card to be held against the base of the reader by the user and moved across the read head of the reader. Plunge swipers guide a card by two sets of rails and a backstop. Once the user has inserted the card against the backstop, the card is read as it is removed from the plunge swipers. Plunge swipers are common on ATMs and other self-pay devices because they are less prone to hacking.

Magnetic stripe cards having standard specifications can typically be read by point-of-sale devices at a merchant's location. When the card is swiped through an electronic card reader, such as a platform card reader, at the checkout counter at a merchant's store, the reader will usually use its built-in modem to dial the number of a company that handles credit authentication requests. Once the account is verified and an approval signal will be sent back to the merchant to complete a transaction.

Although magnetic stripe cards are universally used by merchants, there is no way for an individual to take advantage of the card to receive a payment from another individual (who is not a merchant) by swiping the card through a simple reader attached to his/her mobile device. For a non-limiting example, one person may owe another person money for a debt, and the conventional way to pay the debt is to provide cash or a check. It would be convenient to be able to use a credit card or a debit card to pay off the debt. In addition, it is advantageous for an individual to make payment to another individual or merchant by swiping his magnetic stripe card through a reader connected to a mobile device.

There is a need for improved methods utilizing card readers that are configured to be coupled to mobile devices for conducting financial transactions with back-ends of payment systems. There is a further need for methods utilizing cost effective card readers configured to be coupled to mobile devices for the conduct of financial transactions with back-end of payment systems. Yet there is a further need for methods utilizing efficient back ends of payment systems associated with financial transactions using card readers coupled to mobile devices.

SUMMARY

An object of the present invention is to provide methods utilizing card readers for financial transactions using mobile devices.

Another object of the present invention is to provide methods utilizing card readers for conducting financial transactions using portable electronic devices, such devices including software, firmware, hardware, or a combination thereof that is capable of at least receiving a signal.

A further object of the present invention is to provide methods utilizing secure card readers for financial transactions using mobile devices.

A further object of the present invention is to provide methods utilizing card readers with increased efficiency for financial transactions using mobile devices.

Yet another object of the present is to provide methods utilizing card readers that have cost efficient architectures for payments using mobile devices.

Still another object of the present invention is to provide methods utilizing card readers with a microcontroller configured to use the same code to encrypt and sign signal, and for conducting financial transaction using mobile devices.

These and other objects of the present invention are achieved in a method of reconstructing a packet that includes financial card information from a mobile device. A card reader is provided with a read head, a slot for swiping a magnetic stripe of a card and device electronics that includes a microcontroller with logic resources with code. The card reader has a unique identifier and associated cryptographic key. The same code is used to produce an encrypted and signed signal. The encrypted and signed signal, that includes the card reader identifier, is sent to the mobile device. The mobile device sends an encrypted and signed packet to a back end of a payment system. A cryptographic key is sued to decrypt and verify the contents of the packet at the back end. Non-encrypted financial card information is sent to a payment gateway.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 depicts an example of a system diagram to support financial transaction between a payer and a payee through a miniaturized card reader connected to a mobile device.

FIG. 2 depicts an example of an external structural diagram of a miniaturized card reader.

FIGS. 3( a)-(b) depict examples of actual card reader with miniaturized design.

FIGS. 4( a)-(b) depict examples of alignment between read head of the card reader and magnetic stripe of card being swiped.

FIG. 5 depicts an example of a TRS connector as a part of card reader.

FIGS. 6( a)-(c) depict examples of internal structures of a miniaturized card reader.

FIGS. 7( a)-(b) depict examples of waveforms of data read from one track of the magnetic stripe by read head when the card is swiped through the slot of the card reader in the forward and reverse directions, respectively.

FIG. 8 depicts a flowchart of an example of a process to support swiping of a card with a magnetic stripe through a miniaturized portable card reader.

FIG. 9 depicts an example of schematic diagram of passive ID circuitry embedded in the card reader.

FIG. 10 depicts an example of schematic diagram that contains additional components of passive ID circuitry 22 that contribute to the user experience.

FIG. 11 depicts an example of an implementation for passive ID circuitry 22 depicted in FIG. 10.

FIG. 12 depicts a flowchart of an example of a process to deliver the unique ID to mobile device via the passive ID circuitry.

FIG. 13 depicts an example of additional encryption and/or decryption systems included in the passive ID circuitry for encrypting and decrypting of unique ID of card reader.

FIG. 14 depicts a flowchart of an example of a process to support decoding of incoming signals from swiping of a card with a magnetic stripe through a miniaturized portable card reader.

FIG. 15 depicts a flowchart of an example of a process to support financial transaction between a payer and a payee through a miniaturized card reader connected to a mobile device.

FIGS. 16( a)-(f) depict screenshots of an example of a financial transaction between a purchaser and a merchant through a miniaturized card reader connected to a mobile device.

FIG. 17 illustrates an integrated read head/mobile device embodiment of the present invention.

FIG. 18 illustrates one embodiment of a method of making payments using a mobile device where a tab is opened by a first party and is selected by a qualified second party at any geographic location of the first party's mobile device.

FIG. 19 illustrates an overall system architecture of a payment service that can be used in various embodiments of the present invention.

FIG. 20 illustrates an embodiment of the present invention for a method of conducing on-line purchases using a mobile device.

FIG. 21 illustrates an embodiment of the present invention where a method is provided for transferring funds to and/or from a first party's financial account, and the first party's financial account information is entered with a single initial entry to the payment service and for future payments the information need not be re-entered.

FIG. 22 illustrates an embodiment of the present invention with a spring member attached to the read head to provide for increased accuracy and read head adjustment

FIG. 23 illustrates one embodiment of the present invention with a card reader, mobile device and payment system.

FIG. 24 illustrates one embodiment of the present invention where the output from a read of the track goes to an amplifier, differentiator, into a comparator and then into a microcontroller,

FIG. 25 illustrates one embodiment of the present invention where a card reader accepts a raw signal from a read head and processes the financial transaction card read on the fly.

FIG. 26 illustrates one embodiment of the present invention where the slot of a read head has directionality.

FIG. 27 illustrates an embodiment of the present invention where the read head includes a power source.

FIG. 28 is a schematic view, according to another embodiment of the present invention, showing a payment device-not-present transaction.

FIG. 29 is a schematic view illustrating a payment device present transaction according to one embodiment of the present invention;

FIG. 30 is a schematic view illustrating a security device-present transaction according to one embodiment of the present invention.

FIG. 31 is a perspective view of a card reader in one embodiment of the present invention, with a slot with a varying width, and one end of the slot is broader than the opposite end, and the exterior housing including indicia for directionality.

FIG. 32 illustrates an interior review of a card reader of the present invention, showing the read head on one side, and electronics and circuitry on an opposite side.

FIG. 33 illustrates an embodiment of device electronics for the card reader in one embodiment of the present invention.

FIG. 34 illustrates an embodiment of the FIG. 33 device electronics with an analog to digital front-end and a microcontroller.

FIG. 35 illustrates an embodiment of the present invention where an analog to digital front end can receive a raw magnetic head signal from the magnetic head and convert it into a processed digital signal that the microcontroller, producing a signal with magnetic read head electronics.

FIG. 36 illustrates an amplifier or amplifier/filter that can be used in an embodiment of the present invention.

FIG. 37 illustrates a differentiator that can be used in an embodiment of the present invention.

FIG. 38 illustrates a comparator 536 that can be used in an embodiment of the present invention.

FIG. 39 illustrates wake-up electronics that can be used in an embodiment of the present invention.

FIGS. 40 and 41 illustrates a power source that can be used in an embodiment of the present invention.

FIG. 42 illustrates transmission electronics that can be used in an embodiment of the present invention.

FIG. 43 illustrates a card in a slot of a read head in an embodiment of the invention, illustrates how the card can rotate at a angle away from a bottom of the slot, and also exit at an angle relative to the slot.

FIG. 44 illustrates an embodiment of the present invention with the read head positioned offset from a center of an associated housing, movement of a card through a slot an angle relative to the card reader and a coupled mobile device.

FIG. 45 illustrates an asymmetric spring that can be used in an embodiment of the present invention.

FIG. 46 illustrates a flow of a card read with a card reader of the present invention, its' interaction with a mobile device and a back end of a payment system.

DETAILED DESCRIPTION

The approach is illustrated by way of example and not by way of limitation in the figures of the accompanying drawings in which like references indicate similar elements. It should be noted that references to “an” or “one” or “some” embodiment(s) in this disclosure are not necessarily to the same embodiment, and such references mean at least one.

FIG. 1 depicts an example of a system diagram to support financial transaction between a payer and a payee through a miniaturized card reader connected to a mobile device. Although the diagrams depict components as functionally separate, such depiction is merely for illustrative purposes. It will be apparent that the components portrayed in this figure can be arbitrarily combined or divided into separate software, firmware and/or hardware components. Furthermore, it will also be apparent that such components, regardless of how they are combined or divided, can execute on the same host or multiple hosts, and wherein multiple hosts can be connected by one or more networks.

In the example of FIG. 1, the system includes a mobile device 100, a miniaturized card reader 10 connected to mobile device 100, a decoding engine 110, a user interaction engine 120, and a transaction engine 130, all running on mobile device 100. Additionally, the system may also include one or more of user database 140, product or service database 150, and transaction database 160, all coupled to the transaction engine 130.

As used herein, the term engine refers to software, firmware, hardware, or other component that is used to effectuate a purpose. The engine will typically include software instructions that are stored in non-volatile memory (also referred to as secondary memory). When the software instructions are executed, at least a subset of the software instructions is loaded into memory (also referred to as primary memory) by a processor. The processor then executes the software instructions in memory. The processor may be a shared processor, a dedicated processor, or a combination of shared or dedicated processors. A typical program will include calls to hardware components (such as I/O devices), which typically requires the execution of drivers. The drivers may or may not be considered part of the engine, but the distinction is not critical.

As used herein, the term database is used broadly to include any known or convenient means for storing data, whether centralized or distributed, relational or otherwise.

In the example of FIG. 1, mobile device 100 to which the portable card reader 10 is connected to can be but is not limited to, a cell phone, such as Apple's iPhone, other portable electronic devices, such as Apple's iPod Touches, Apple's iPads, and mobile devices based on Google's Android operating system, and any other portable electronic device that includes software, firmware, hardware, or a combination thereof that is capable of at least receiving the signal, decoding if needed, exchanging information with a transaction server to verify the buyer and/or seller's account information, conducting the transaction, and generating a receipt. Typical components of mobile device 100 may include but are not limited to persistent memories like flash ROM, random access memory like SRAM, a camera, a battery, LCD driver, a display, a cellular antenna, a speaker, a Bluetooth circuit, and WIFI circuitry, where the persistent memory may contain programs, applications, and/or an operating system for the mobile device.

In one embodiment of the present invention a system is provided with transaction engine 130 running on mobile device 100. In response to a financial transaction between a buyer and a seller, the mobile device 100 accepts information selected including but not limited to information from financial transaction or information pertaining to financial transaction card used by the buyer in the transaction. Additionally, a financial transaction device can be utilized. Non-limiting examples of financial transaction devices include but are not limited to a, wristband, RFID chip, cell phone, biometric marker and the like. At least a portion of this information is communicated with a third party financial institution or payment network to authorize the transaction. The buyer receives confirmation of the payment. Payment confirmation can be in real time by a payment service.

Payment confirmation can be made with a communication channel of the buyer's choice. As non-limiting examples, confirmation of payment can be an electronic notification in the form selected from at least one of, email, SMS message, tweet (message delivered via Twitter), instant message, communication within a social network and the like.

In response to the transaction, a confirmation is made that the buyer is authorized to use the financial transaction card in order to prevent fraud. There can also be a confirmation that there are sufficient funds for the purchase made by the buyer.

In one embodiment, it is determined that that the buyer, authorized to use the financial transaction card, is present with the seller at the time of the financial transaction.

Miniaturized Card Reader

In the example of FIG. 1, miniaturized card reader 10 is configured to read data encoded in a magnetic strip of a card being swiped by a buyer and send a signal that corresponds to the data read to mobile device 100 via a signal plug 18. This signal is at least partially if not fully decoded in the mobile device 100.

The size of card reader 10 is miniaturized to be portable for connection with mobile device 100. For a non-limiting example, the size of card reader 10 can be miniaturized to an overall length of less than 1.5″. In addition, the miniaturized card reader 10 is also designed to reliably read the card with minimum error via a single swipe by counteracting vendor specific filtering done by mobile device 100. Note that this broad overview is meant to be non-limiting as components to this process are represented in different embodiments. For instance the decoding engine 110 can be embedded in the card reader 10 as shown in FIG. 13 as the decoding system 42. FIG. 2 depicts an example of an external structural diagram of miniaturized card reader 10. Although the diagrams depict components as functionally separate, such depiction is merely for illustrative purposes. It will be apparent that the components portrayed in this figure can be arbitrarily combined or divided into separate software, firmware and/or hardware components.

In the example of FIG. 2, miniaturized card reader 10 is shown to comprise at least a housing 12 having a slot 14, a read head 16 embedded on a wall of slot 14, a signal plug 18 extending out from the housing 12, and an optional passive ID circuit 22.

FIG. 3( a) depicts an example of an actual card reader with miniaturized design and FIG. 3( b) depicts other examples of miniaturized card reader with width around 0.5″.

The card reader 10 includes the slot 14 and is miniaturized relative to the size of the mobile device 100. In some embodiments, the housing 12 is not included.

In one embodiment, the slot 14 is configured to maintain contact between the read head 16, and the magnetic stripe of the financial transaction card during a swipe. The signal is decoded in the mobile device 100. The decoding includes determining pulses in the signal and converting at least some of the pulses to characters. In one embodiment, the slot 14 has a width of no greater than 1 mm. The width of the slot 14 is sufficient to enable a successful swiping of the financial transaction card, while producing the signal. It is sized to enable the successful swipe without creating sufficient torque between the signal plug 18 or output jack and the read head 16 or at the mobile device 100 to cause damage due to excessive torque. If the slot 14 is too wide, then it is more difficult to achieve a successful swipe that produce the signal. If there is a miss, or insufficient data is generated, then the resulting signal is not competent. If the slot 14 is too narrow, then the financial transaction card can not be swiped. The size of the slot 14 is selected to reduce torque as discussed above. Additionally, in one embodiment, the output jack 18 is at least partially if not fully rotatable relative to the port it is coupled to in the mobile device 100. The decoding includes error checking. In one embodiment, the decoding includes detecting that data in the signal is from the financial transaction card, seeing the beginning and ending sentinels and reconstructing data in the signal from a pattern of pulses.

In one embodiment of the present invention, the mobile device 100 has an audio input port, a line input port a USB port and others. In one embodiment, a sampling rate of the signal at the audio input port or a line input port of the mobile device is at least 15 kHZ. In various other embodiments, the sample rate of the signal at the audio input port or line import port can be, least 20 kHz; at least 25 kHz, at least 30 kHz, at least 35 kHz or at least 40 kHz.

In one embodiment, the slot 14 is oriented and sized to reduce torque applied on the read head 10 when the financial transaction card is swiped through the slot 14 in order to maintain accuracy and reliability of the data read by the read head 10.

In the example of FIG. 2, housing 12 of card reader 10 is designed to be asymmetrical with respect to slot 14, with texture such as logo on one side of the housing that can be felt and recognized by a user with a touch of a finger. For correct swiping of the card, the texture side of housing 12 should match with the texture (front) side of the card, so that a user can easily identify the right side of the reader to swipe the card through slot 14 without actually looking at the reader or card. Even a blind person is able to swipe the card correctly by matching the texture side of the reader with the texture side of the card.

In the example of FIG. 2, the slot 14 is wide enough and deep enough to accept a card having a magnetic stripe so that the stripe will fit within the slot 14. More importantly, the slot 14 is configured to reduce the torque applied on the reader 10 when the card is swiped through slot 14 in order to maintain accuracy and reliability of the data read by read head 16. Since the size of card reader 10 is miniaturized, slot 14 also has a length that is significantly less than the length of the card to be inserted into the slot 14.

To correctly read the data on the magnetic stripe of the card, the read head 16 must maintain contact with the stripe as the card moves past slot 14. If the card rocks during the swipe, the alignment of the head 12 with the stripe may be compromised. As the length of the slot 14, i.e., the card path through which the card swiped though slot 14, is shortened, rocking and head alignment may become significant issues. As shown in FIG. 4( a), if the magnetic stripe card is swiped through without the base of the card resting against the flat bottom piece, the magnetic stripe will not align with the read head 16 when the card is swiped through slot 14 having a flat base 15.

In some embodiments, the base 15 of slot 14 can be changed from flat to a curved base with a radius in order to increase contact between the read head 16 and the magnetic stripe to address the rocking problem. As shown in FIG. 4( b), the read head 16 can maintain contact with the magnetic stripe, even with some additional error due to the gradation of contact introduced by the curved base 15.

FIG. 5 depicts an example of signal plug 18 as part of card reader 10. Here, signal plug 18 can be but is not limited to a TRS (tip, ring, sleeve) connector also known as an audio plug, phone plug, plug, stereo plug, mini-plug, or a mini-stereo audio connector. The signal plug 18 may be formed of different sizes such as miniaturized versions that are 3.5 mm or 2.5 mm.

In some embodiments, signal plug 18 may be retractable within the housing 12. In some embodiments, signal plug 18 is configured to extend beyond housing 12 of the reader in order to accommodate connection with mobile devices 100 having cases or having a recessed plug-in socket, wherein the socket can be but is not limited to a microphone input socket or a line in audio input of the mobile device.

In some embodiments, housing 12 of card reader 10 is made of non-conductive material such as plastic so that the reader will not interfere with the function of mobile device 100 it is connected with. Such choice of material is important since the outer case of certain mobile devices, such as iPhone 4, is conductive and serves as an antenna for the device, which function could potentially be interfered with if the metal case of the device gets in touch with the housing of a card reader made of conductive material.

FIG. 6( a) depicts an example of an internal structural diagram of a miniaturized card reader. Although the diagrams depict components as functionally separate, such depiction is merely for illustrative purposes. It will be apparent that the components portrayed in this figure can be arbitrarily combined or divided into separate software, firmware and/or hardware components.

In the example of FIG. 6( a), the internal structure inside housing 12 of card reader 10 is shown to comprise at least a read head 16 with embedded circuitry, and a spring structure 20 to support read head 16. FIG. 6( b) depicts an example of an internal structure an actual miniaturized card reader. FIG. 6( c) depicts an example of separated components of read head 16 and spring structure 20 used in the actual miniaturized card reader.

In the example of FIGS. 6( a)-(c), read head 16, which for a non-limiting example, can be an inductive pickup head, detects and provides data stored in the magnetic stripe of a card to a connected mobile device 100. More specifically, as the magnetic stripe of a card is swiped through slot 14 and in contact with read head 16, the card reader device 10 reads one or more tracks of data or information stored in the magnetic stripe of the card via the detection circuitry embedded inside the read head. Here, data stored in the magnetic stripe may be in the form of magnetic transitions as described in the ISO 7811 standards. As the card moves past the read head 16, magnetic transitions representing data induce a voltage or waveform in a coil (not shown) of read head 16 due to such relative movement between read head 16 and the stripe (called the Hall Effect), wherein a resistor (not shown) inside read head 16 sets the amplitude of the waveform. This waveform is sent via the signal plug 18 into the socket which is registered by the microphone of the mobile device 100 connected with card reader 10.

In some embodiments, read head 16 in card reader is capable of reading only one track of data (either track 1 or 2, but not both) from the magnetic stripe in order to reduce the size and structural complexity of compact read head 16 as only one pin needs to be included in the read head. FIGS. 7( a)-(b) depict examples of waveforms of data read from track 1 (instead of both tracks 1 and 2 as by a traditional read head) of the magnetic stripe by read head 16 when the card is swiped through slot 14 in the forward and reverse directions, respectively.

In some embodiments, the size or thickness of the housing 12 of card reader 10 is configured to be narrow enough to accommodate only a single read head 16. Such design is intended to be tampering-proof so that even if the housing 12 is tampered with, no additional circuitry can be added to the card reader 10 and such tampering will render the card reader non-functional.

In the example of FIGS. 6( a)-(c), spring structure 20 is a flexible spring mounting to read head 16 without a screw, causing the read head to be suspended to housing 12 of card reader 10. Here, spring 20 can either be connected to housing 12 via screws or welded to plastic housing 12 without using any screws. As the card moves past the read-head 16 on the miniaturized card reader, any card bending or misalignment may cause the read head to lose contact with the magnetic stripe. Spring 20 allows suspended read head 16 to swivel while maintaining contact pressure to track the stripe of the card being swiped. Spring 20 is designed to be sufficiently small to fit within the miniaturized card reader 10, yet powerful enough to maintain good contact during the stripe. Unlike traditional spring structures, spring 20 positions the supports for read head 20 inside the overall form of the spring, which allows the spring to flex without having to make one support moveable.

FIG. 8 depicts a flowchart of an example of a process to support swiping of a card with a magnetic stripe through a miniaturized portable card reader. Although this figure depicts functional steps in a particular order for purposes of illustration, the process is not limited to any particular order or arrangement of steps. One skilled in the relevant art will appreciate that the various steps portrayed in this figure could be omitted, rearranged, combined and/or adapted in various ways.

In the example of FIG. 8, the flowchart 800 starts at block 802 where a miniaturized card reader is structured to provide sufficient contact between a read head and the magnetic stripe during a swipe of a card. The flowchart 800 continues to block 804 where a card with a magnetic stripe is swiped through a slot of the miniaturized card reader. The flowchart 800 continues to block 806 where the read head reliably reads data stored in the magnetic stripe and generates an analog signal or waveform indicative of data stored in the magnetic stripe. The flowchart 800 continues to block 808 where amplitude of the waveform is set by the circuitry inside the read head. The flowchart 800 ends at block 810 where the set waveform is provided to a mobile device 100 connected with the miniaturized card reader via the signal plug 18.

Passive ID Circuit

In some embodiments, housing 12 of card reader 10 may further encapsulate a passive ID circuitry 22 powered by the mobile device 100 through signal plug 18, wherein passive ID circuitry 22 delivers an unique ID of the card reader to mobile device 100 only once upon the card reader being connected to (and powered up by) the mobile device. Although both are integrated in the same housing 12, passive ID circuitry 22 functions independently and separately from read head 18 without interfering with the read head's card swiping functions described above.

FIG. 9 depicts an example of schematic diagram of passive ID circuitry embedded in the card reader. In the example of FIG. 9, passive ID circuitry 22 may comprise at least five main subsystem/components: unique ID storage 24, communication subsystem 26, which reads and transmits the unique ID from unique ID storage 24, power subsystem 28, which provides power to enable communication with mobile device 100, a pathway subsystem 30 to route signals to signal plug 18 through the circuitry, and a control unit 32, to orchestrate the communication between different systems. All of these subsystems can be implemented in hardware, software or a combination thereof. Communication subsystem 26, power subsystem 28, and read head 16 share the same signal plug 18 for connection with the mobile device. The components portrayed in this figure can be arbitrarily combined or divided into separate software, firmware and/or hardware components.

In the example of FIG. 9, unique ID storage 24 is memory containing the Unique ID of the card reader. The unique ID storage 24 can be any persistent memory containing bytes that can be accessed by the communication subsystem 26.

In the example of FIG. 9, the power subsystem 28 comprises of a modified charge pump, which utilizes a digital circuit to artificially raise the voltage of a power source to a higher level. Normal charge pump operation requires large current which is then fed into several capacitors, and switching logic switches the capacitors between series and parallel configurations. In the example of FIG. 10, the power source is a bias voltage provided by the mobile device meant for detection of a connected component. It is nominally 1.5V and is supplied through a 2 kΩ resistor, resulting in a maximum current of 750 μA. Details of how the power subsystem 28 function is described in FIG. 11.

In standard operation the pathway subsystem 30 is configured to direct the mobile device's 100 bias voltage to the power subsystem 28. After the power subsystem converts the bias voltage to a system voltage, the control unit 32 is able to operate. Control unit 32 configures the pathway subsystem 30 to allow the communication subsystem 26 access to the mobile device 100. The communication subsystem 26 relays the unique ID from the unique ID storage 24. The control unit 32 then configures the pathway subsystem 30 to allow the card reader circuit 16 access to the mobile device 100.

FIG. 10 depicts an example of schematic diagram that contains additional components of passive ID circuitry 22 that contribute to the user experience. These additional systems prevent the mobile device 100 from perceiving that the card reader 10 has been disconnected during power cycles. These additional systems also ensure that the unique ID sent from unique ID storage 24 is sent as specified by the designer. This extra feature set comprises of a discharge subsystem 34 to force the device to power cycle, a fake load 36 so the mobile device 100 does not perceive a disconnect, and a monitor system 38 to manage card reader 10 behavior between power cycles.

In the example of FIG. 10, communication subsystem 26 comprises a signal driver connected with control unit 32 and unique ID storage 24. In a non-limiting embodiment of a system which sends an ID only once to a mobile device 100, after the control unit 32 boots up, communication subsystem 26 will check a status bit in the monitor subsystem 38. The first time this process occurs, the status bit will be not set. When the status bit is not set the ID is sent immediately. FIG. 12 contains a detailed flowchart of a non-limiting example of this process. In one embodiment the control unit 32 will write to the status bit in monitor subsystem 38. It will then use the discharge system 34 to reset itself. During this time the pathway subsystem 30 will be configured to direct the signal path to the fake load preventing the mobile device 100 from detecting a disconnect with the card reader 10. Once the power subsystem 28 has completed its power cycle, the control unit 32 will read the status bit. Upon seeing that the status bit is cleared it will configure the pathway subsystem 30 to direct the signal path to the card reader circuit 16. The control unit 32 will then put the system into an extremely low power state (from here referred to as a sleep state). Only the monitoring subsystem 38 will remain active. The monitor subsystem 38 will wake the system from the sleep state at some time (time depending on implementation) before a power cycle. The control unit 32 will notified of the system awakening by the monitoring subsystem 38. The control unit 32 will then set the status bit on the monitor subsystem 38 only if there is a voltage detected on the fake load indicating the reader is still connected. The control unit 32 will then force a power cycle.

FIG. 11 depicts an example of an implementation for passive ID circuitry 22 depicted in FIG. 10. In some embodiments, power subsystem 28 has multiple capacitors in parallel. A voltage breaker (e.g., zener diode etc) and a latch are used to trigger the transition between parallel and series configurations. Once the latch is flipped, power subsystem 28 will remain in series configuration until the combined voltage drops bellow the CMOS trigger gate voltage at about 0.4V. At this time the passive ID circuitry 22 will reset and the unique ID delivery process will begin again

In the example of FIG. 11, pathway subsystem 30 comprises a plurality of latches controlled by control unit 32 for switching among various subsystems of passive ID circuitry 22. When passive ID circuitry 22 is in operation, the default configuration allocates the output signal through signal plug 18 to modified charge pump of power subsystem 28. After the latch to turn off modified charge pump 28 is triggered, control unit 32 will route signal plug 18 from read head 16 to communication subsystem 26 and transmit the unique ID through signal plug 18 after checking the status bit in unique ID storage 24. Pathway subsystem 30 will then write to the status bit in unique ID storage 24 and discharge the power subsystem 28. FIG. 12 depicts a flowchart of an example of a process to deliver the unique ID to mobile device 100 via the passive ID circuitry 22.

In some embodiments, passive ID circuitry 22 may further include additional encryption and/or decryption systems as shown in FIG. 13 for encrypting and decrypting of unique ID of card reader 10. In the example of FIG. 13, the decoding system 42 and encryption system 40 can both use the control unit 32 from the passive ID circuitry 22 to communicate with the mobile device 100 over the communication subsystem 26.

Signal Decoding

Once card reader 10 provides the set waveform to the attached mobile device 100, the incoming signals (waveform) may be amplified, sampled, and converted to a stream of digital values or samples by decoding engine 110 running via a microprocessor inside the mobile device. Here, decoding engine 110 may comprise a pipeline of software decoding processes (decoders) to decode and process the incoming signals as described below, where each software process in this pipeline can be swapped out and replaced to accommodate various densities of track data read in order to reduce card swipe error rate. The incoming signals may be of low quality due to one or more of: low quality of data read from a single and/or low density track of a magnetic stripe of the card, sampling speed limitations of the microphone input socket of the mobile device, and noise introduced into the mobile device 100 from card reader 10. FIG. 14 depicts a flowchart of an example of a process to support decoding of incoming signals from swiping of a card with a magnetic stripe through a miniaturized portable card reader.

In the example of FIG. 14, the flowchart 1400 starts at block 1402 where decoding engine 110 initializes its internal state by waiting for the system voltage to reach a steady state. Upon initial connection of a card reader, there is usually a burst of signal due to feedback caused by slight impedance mismatches and the presence of non-linear elements like the read head. After at least 3 time constants, the signal is determined to be in a steady state. During such initialization phase, the DC offset of the incoming signals are computed when the mobile device is first connected to the card reader over signal plug 18. In some embodiments, initialization goes through at least the following steps:

Take one system buffer of audio signal and compute the DC offset of this buffer.

Save the computed DC offset.

Compute the average of the last three DC offsets.

Compute the variance of the current DC offset from the average computed in step 3.

The following values presented were found to be optimum for performance in the decoding system. In the spirit of full disclosure they have been provided here to allow someone trained in the arts to be able to replicate this process. It is fully realized that many other values can be used here and depending on hardware implementation. The values here are meant to be non-limiting. If the variance computed in step 4 is less than the variance threshold, 0.06% of full scale or less than the offset percentage, 10% of the offset average computed in step 3, and the DC offset computed in step 1 is less than the noise ceiling, 3% of full scale, of the mobile device 100. After initialization is complete, decoding engine 110 can proceed to process the incoming signals to detect the swipe of the card. Otherwise, Steps 1-4 need to be repeated.

The flowchart 1400 continues to block 1404 where decoding engine 110 detects the card swipe once the incoming signals are in a steady state. This signal detection phase processes the incoming signals in steady state in order to detect the presence of a swipe of a card through the card reader. The signal detection phase is a light-weight procedure that operates at near real time. It parses the incoming signals quickly and stitches multiple system buffers of signals together to form a signal of interest. In some embodiments, the signal detection process goes through at least the following steps:

Apply a software upscale of system buffers of the incoming signals.

Begin taking buffers of incoming signals and look for points that exceed a minimum signal amplitude threshold, which is a hardware-based parameterization found empirically.

Set a flag that triggers the detection of a swipe once a single point that exceeds the threshold is detected.

Once the flag triggered, the incoming signal is appended to a larger buffer until the signal drops below a minimum signal amplitude threshold for a certain period of time, e.g., 10 ms.

Trim the last 10 ms of data to reduce the amount of signal data to be processed later.

Check to see if at least a certain number of samples have been collected in the buffer to make sure that there are enough information for later decoding. This number is parameterized based on the hardware of the mobile device used.

Alternatively, a hardware independent swipe detection process can be utilized to capture the signal of interest via Fast Fourier Transform (FFT), while trimming the front and back of the signal. Such process would include at least the following steps:

Retrieve system buffers of incoming signals and keep a certain number of buffers of history of the signals.

Compute the frequency distribution of the signal history kept via FFT.

Locate two maxima in the histogram and check if one maximum is located at 2× the frequency of the other maximum. If this condition is satisfied, continue to add on buffers of history that exhibit such behavior.

Once such behavior has stopped, begin removing signals from the beginning and ending of the signals in the buffers until SNR is maximized, wherein SNR is defined to be the two maxima's amplitudes that are greatest from the next maximum.

The flowchart 1400 continues to block 1406 once a card swipe is detected to be present where decoding engine 110 identifies peaks in the incoming signals. Peak detection is the most complex portion of decoding of incoming signals from credit card swipes, and credit card swipe decodes have traditionally not been done on heavily filtered signals like the signal that enters through the TRS plug, since most mobile device manufacturers assume the incoming signal is audio based. This results in a wide variety of signal filtering that peak detection must account for. Different peak detection approaches discussed below can be utilized by the microprocessor to perform peak detection in the incoming signals in different ways, all applying a basic, moving average low-pass filter to smooth out some of the high frequency noise in order to overcome the low quality data read, sampling speed limitations of the mobile device, and the noise introduced into the mobile device.

Reactive Peak Detection

Reactive peak detection is a heuristics based approach for peak detection, which is well suited for situations where the incoming signals from the card swipe is not excessively distorted by the mobile device's filter circuitry. This approach utilizes at least the following steps to detect signal peaks:

Seed an adaptive positive and adaptive negative threshold with an ambient noise value that is dependent on the hardware of the mobile device. These thresholds will be used for initial peak detection.

Begin processing through the sample buffer, and for each sample in the buffer:

Wait for the threshold to be crossed again when either the negative or positive threshold is crossed, except with a hysteresis factor applied to the threshold for the second crossing. The hysteresis factor is key in making this approach resistant to ringing in the incoming signals, which is associated with the active filter(s) of the platform hardware.

Begin looking for slope changes within this time frame once the two samples where the threshold is crossed have been established.

If more than one slope change is found, compute the midpoint of the two samples.

If only a single slope change is detected, then, pick the maximum point for the slope change.

Compare the peak's amplitude to the previously found peak's amplitude (if this has been established).

Skip the current peak and move on if its amplitude is greater than (([full scale]−[current peak amplitude])/([full scale]*100)+100) % of the previous peak's amplitude.

If the prior step did not result in skipping of the peak, check the peak's polarity against the previous peak's polarity.

If the peak's polarity is the same as the previous peak's polarity, then remove the previous peak and put the current peak in its place.

If the polarity of the current peak has changed, then simply add the current peak to the list of peaks. This step is another key component for making this approach resistant to ringing.

Upon the finding of a peak, update the adaptive threshold of the corresponding polarity as the polarity of the peak just found and the amplitude to be a percentage of this peak's amplitude. Here, the percentage is a parameter varied by the detection approach being used, since higher values more accurately detects peaks, but are not as resistant to noise, while lower values are more resistant to noise, but may pick up errant peaks associated with ringing.

Predictive Peak Detection

Predictive peak detection defers the heavy processing to the digitizing stage of decoding. Predictive peak detection is highly resistant to scratches in the card that could cause low quality or false peak information to manifest in the incoming signals. This approach is more memory intensive than the reactive peak detection approach since more peaks are stored. The approach utilizes at least the following steps to detect signal peaks:

Seed a positive and adaptive negative threshold with an ambient noise value that is dependent on the hardware of the mobile device.

Begin going through the sample buffer. For each sample in the buffer:

Begin waiting for the slope to change when either the positive of negative threshold is crossed.

When the slope changes, store the current sample as a peak.

Maxima Peak Detection

Maxima peak detection detects peaks by looking for local maxima and minima within a window of digital samples. If either of these is at the edges of the window of samples, then the approach skips the window and moves to the next window to look for local maxima and minima. These local maxima and minima are then stored into a list of peaks.

The flowchart 1400 continues to block 1408 where decoding engine 110 identifies the track from which data of the incoming signals are read through the swipe of the card via the card reader. Traditionally, track 1 and track 2 came off of different pins on the read head of a card reader, and so there was no need to guess which track is being read. Since read head 16 in card reader is capable of reading only one track of data from the magnetic stripe, track identification becomes an important issue. This track identification process is run by detection engine 110 after peaks are detected to guess and recognize the track (track 1 or track 2) from which the data is read by card reader by inferring a range of peaks to be expected for signals coming from each track. Since track 1 is known to be much denser in data than track 2, it is thus reasonable to expect more peaks to be identified in data coming from track 1. Although this process is not a definitive guess, it yields the correct track value 99.9% when coupled with the peak detection algorithms described herein in testing. Alternatively, track guessing can be based on the number of bits found in the digital signals after the digitizing stage of decoding. When a decoder fails due to guessing the wrong track (since track identification affects how the bits from the digital signals are framed and matched against character sets), the decoder may simply choose another track type, though this makes the card processing more processor intensive.

The flowchart 1400 continues to block 1410 where decoding engine 110 digitizes the identified peaks in the incoming signals into bits. The digitizing process takes the given peak information turns them into binary data and appends them to an array of digital bits. There are two types of digitizers: reactive digitizing and predictive digitizing.

Reactive Digitizing

Reactive digitizing takes the given peak information as fact, and attempts to convert them into 1s and 0s in the following steps:

Go through all peak information. For each peak:

Identify the distance between each pair of adjacent peaks.

If these distances are similar (e.g., based on a parameter for finding a series of peaks that are equidistant from each other), begin looking for 1s and 0s. The initial peaks always represent zeros, since the credit card is padded with zeros at the front and back of the signal.

Once equidistant peaks are found, identify the number of samples between peaks, which is the number of samples that roughly equate to a bit.

Examine the number of samples between the current peak and the next peak.

Examine the number of samples between the current peak and the peak after the next.

Compare the results from Steps 5 and 6 against the value from Step 4:

If the result from Step 5 is closer to the value from Step 4, then identify the bit found as a 0.

If the result from Step 6 is closer, then identify the bit found as a 1.

Tie breaking: if the distances are equal and the next two peak amplitudes are smaller than the current peak amplitude, then identify the bit found as a 1. Otherwise, identify the bit found as a 0.

Once the peak is determined, update the bit length based on the peak found: if the peak found was a 0, update with the value of Step 5; otherwise, use the value of step 6.

Predictive Digitizing

Predictive digitizing of detected peaks in the incoming signals does not treat the list of peaks as facts. It first finds bit length, and then seeks to a point in the peak list where the next relevant peak should be. Once it reaches this location, it then searches before and after the location for the nearest peak. The process then checks the polarity of this peak compared to the previous peak examined. If the polarities are the same, the bit found is identified as a 1. Otherwise, it is identified as a 0. This method of digitizing a peak list is effective in that it simply ignores any information that is likely irrelevant.

The flowchart 1400 ends at block 1412 where decoding engine 110 converts the array of digitized bits into words of card information. This converting process locates the bit sequence that is the start sentinel in the array. At that point, it takes frames of bits (e.g., 5 bits for track 2, 7 bits for track 1) and decodes them based on a symbol table. Along the way, the process constantly checks for parity and the LRC at the end to ensure the data is correct. If there are any errors in parity, LRC, or track length, blocks 1406-1412 may be repeated with a different set of parameters to get the correct signal data.

When a card swipe begins, decoding engine 110 can combine various peak detectors and digitizers discussed above in order to cover various ranges of degradation in quality of the analog input signal generated by card reader 10. In some embodiments, different process combinations and parameters can be chosen and optimized depending on the hardware platform of the mobile device. These combinations and parameter values can be pre-determined based on experimentation and testing and initialized upon starting of the decoding process. The decoding then runs through all processes specified and runs certain specific processes multiple times in order to get the correct signal. Such decoding process allows automatic scaling and adjustment during each run to account for different amounts of noise, sampling speed variations, signal ringing, and swipe direction.

Card Present Transaction without Information Sharing

In the example of FIG. 1, user interaction engine 120 is a software application running on mobile device 100 associated with a payee (merchant) that enables the payer (buyer) and the merchant to interact with transaction engine 130 to complete a financial transaction. More specifically, it may take input of information related to the financial transaction from the buyer and/or the merchant, provide such input to transaction engine to initiate and complete the transaction, and present the result of the transaction to the buyer and the merchant. Here, the input of information accepted by user interaction engine 120 may include but is not limited to one or more of: amount of the transaction, including list price and optionally tips, additional notes related to the transaction such as written description and/or pictures of the item to be purchased, authorization and/or signature of the buyer.

In some embodiments, other than the conventional keyboard, user interaction engine 120 may utilize a touch screen of mobile device 100 to enable the buyer and the merchant to input numbers, characters, and signatures by touching the screen via a stylus or a finger.

In some embodiments, in addition to the result of the transaction, user interaction engine 120 may also present products or services provided by the merchant to the buyer in combination of one or more of text, pictures, audio, and videos, and enable the buyer to browse through the products and services on the mobile device to choose the one he/she intended to purchase. Such product information can be stored and managed in product database 150.

In the example of FIG. 1, transaction engine 130 takes as its input the decoded credit card information from decoding engine 110 and transaction amount from user interaction engine 120. Transaction engine 130 then contacts third party financial institutions such as an acquiring bank that handles such authorization request, directly or through a payment system, which may then communicate with the card issuing bank to either authorize or deny the transaction. If the third party authorizes the transaction, then transaction engine 130 will transfer the amount of money deducted from the account of the card holder (e.g., the buyer) to an account of the merchant and provide the transaction results to user interaction engine 120 for presentation to the buyer and the merchant. In this manner, the merchant may accept a payment from the buyer via card reader 10 and mobile device 100.

In the example of FIG. 1, although mobile device 100 is associated with the merchant, transaction engine 130 running on mobile device 100 protects the privacy of the buyer/payer during the card-present transaction by taking card information from the buyer directly from decoding engine 110 and do not share such information with the merchant via user interaction engine 120. Here, the card information that are not shared with the merchant includes but is not limited to, card number, card holder's name, expiration date, security code, etc. In essence, transaction engine 130 serves as an intermediary between the buyer and the merchant, so that the buyer does not have to share his/her card information with the merchant as in a typical card-present transaction or an online transaction. Still, the buyer is able obtain an itemized receipt for the transaction completed as discussed later.

In some embodiments, although transaction engine 130 does not share card information of the buyer to the merchant, it may present identity information of the buyer, such as a picture of the buyer on record in user database 140, with the merchant via user interaction engine 120 so that merchant can reliably confirm the identity of the buyer during the card-present transaction to prevent credit fraud.

In the example of FIG. 1, user database 140, product database 150, and transaction database 160 can be used to store information of buyer and the merchant, products and services provided by the merchant, and transactions performed, respectively. This information can also be stored by the payment system. Here, user information (e.g., name, telephone number, e-mail, etc.) can be obtained through online user registration and product information can be provided by the merchant, while transaction database 160 is updated every time a transaction is processed by the transaction engine 130. Information stored can be selectively accessed and provided to the buyer and/or merchant as necessary.

In the example of FIG. 1, transaction engine 130 communicates and interacts with the third party financial institution directly or through the payment system, user database 140, product database 150, and transaction database 160 over a network through the payment system (not shown). Here, the network can be a communication network based on certain communication protocols, such as TCP/IP protocol. Such network can be but is not limited to, internet, intranet, wide area network (WAN), local area network (LAN), wireless network, Bluetooth, WiFi, and mobile communication network. The physical connections of the network and the communication protocols are well known to those of skill in the art.

Dynamic Receipt

In various embodiments, upon the completion of a financial transaction through, for a non-limiting example, card reader 10 connected to mobile device 100 associated with a merchant, transaction engine 130 running on the mobile device 100 can be configured to capture additional data associated with the transaction and incorporate the additional data into a dynamic receipt for the transaction, wherein in addition to transaction information typically included in a conventional receipt, the dynamic receipt may also include additional environmental information of the transaction. For non-limiting examples, the financial transaction can be an electronic transaction conducted over the Internet or a card present point-of-sale transaction where the buyer/payer makes the purchase at a store front, other “brick-and-mortar” location, or simply in presence of a merchant/payee.

In some embodiments, the additional environmental information included in the dynamic receipt may include information pertaining to the transaction environment. In one non-limiting example, a mobile device equipped with a Global Positioning System (GPS) receiver can be used to capture the coordinates/location of the transaction, and record it as a part of the information on the dynamic receipt. This way, the physical location of the point of sale (which may be different from the merchant/payee's registered address) can be recorded and used by transaction engine 120 to verify the transaction. In another non-limiting example, a mobile device equipped with a camera and/or audio and/or video recorder can be used to capture a photo and/or a video and/or an audio recording of the product or service involved in the transaction and incorporate such data or link/reference to such data into the dynamic receipt. In another non-limiting example, a mobile device with a biometric scanner can be used to scan the fingerprint or palm print of the buyer/payer and/or merchant/payee and includes at least a portion of such information in the dynamic receipt. In another non-limiting example, the mobile device can record certain information associated with the transaction in the dynamic receipt, wherein such information includes but is not limited to, how quickly the buyer swipes the card, the angle at which the card is swiped. In another non-limiting example, special characteristics of the card being swiped, also referred to as the magnetic fingerprint of the card, can be recorded and included in the dynamic receipt.

In some embodiments, the dynamic receipt can be in electronic form that can be accessed electronically or online and may also include link or reference pointing to multimedia information such as image, video or audio that are relevant to the transaction.

In some embodiments, transaction engine 130 can use the environmental information included in the dynamic receipt to assess risk associated with a transaction. For a non-limiting example, if the GPS information indicates that the transaction is taking place in a high crime/high risk area, the risk associated with the transaction is adjusted accordingly, and the buyer's bank may be notified accordingly. Alternatively, biometric information scanned and included in the dynamic receipt can be used for identity verification purposes to prevent identity theft and credit fraud.

In some embodiments, transaction engine 130 can use the dynamic receipt can be used as a non-intrusive way to communicate with the buyer and/or the merchant. For a non-limiting example, the additional information included in the dynamic receipt can be used to make offers to the buyer. If a dynamic receipt includes the GPS location of the point of sale of the transaction, coupons or other promotional offers made by vendors at nearby locations can be presented to the buyer when the buyer chooses to view the receipt electronically online. Alternatively, if a specific product involved the transaction can be identified by the transaction engine either directly through product description or indirectly by analyzing pictures or videos taken, offers of similar or complementary products can be made by a vendor to the merchant of the product.

In some embodiments, transaction engine 130 may notify buyer and/or the merchant of the receipt via an electronic message, which can be but is not limited to, an email message, a Short Message Service (SMS) message, Twitter, or other forms of electronic communication. The recipient of the electronic message may then retrieve a complete itemized dynamic receipt online at his/her convenience via a telephone number on his/her record in user database 140 to retrieve his/her electronic receipts stored in transaction database 160. In some embodiments, the electronic message may include an indication such as a code that the recipient can use to retrieve the electronic receipt online as an alternative or in combination with the telephone number.

FIG. 15 depicts a flowchart of an example of a process to support financial transaction between a payer and a payee through a miniaturized card reader, which has length and height dimensions smaller than length of height dimensions of the associated mobile device, connected to a mobile device. In the example of FIG. 15, the flowchart 1500 starts at block 1502 where an amount of a financial transaction is provided through an interactive user application launched on the mobile device as shown in FIG. 16( a). The flowchart 1500 continues to block 1504 where a miniaturized card reader structured to minimize swipe error is connected to the mobile device as shown in FIG. 16( b). The flowchart 1500 continues to block 1506 where a card is swiped through the card reader to initiate the financial transaction as shown in FIG. 16( c). The flowchart 1500 continues to block 1508 where the payer confirms the amount of the card-present transaction via a signature signed via the interactive user application on the mobile device to complete the transaction as shown in FIG. 16( d). Payments are made with the use of the payment system which is coupled to the mobile device 100 Note that the signature is required as an additional layer of confirmation for the protection for the payer even when such signature may not be technically required to authorize the transaction. The flowchart 1500 continues to block 1510 where result of the transaction is received and presented to the payer and/or merchant as shown in FIG. 16( e) through the use of the payment system. The flowchart 1500 ends at block 1512 where an electronic receipt of the transaction is provided to the payer in the form of an electronic message as shown in FIG. 16( f).

In one embodiment, a longitudinal plane of the of the output jack 18 lies within the plane that the card travels in the slot 14 within 5 mm, and in another embodiment within 3 mm.

Referring now to FIG. 17, in one embodiment of the present invention an integrated read head system includes mobile device 212 with an audio jack 214 at least one microphone input port 216 and other ports, including but not limited to a USB port. A read head 218 is physically coupled to the mobile device 212. The read head 218 has a slot 220 for swiping a magnetic stripe of a financial transaction card to enable a financial transaction between a buyer and seller with the payment system. The read head 218 reads data on the magnetic stripe and produces a signal indicative of data stored on the magnetic stripe. The read head 218 has an output jack 222 that physically connects the read head 218 to at least one of the audio jack 214 or microphone port 216 of the mobile device 212, the USB port and the like. The read head 218 provides the signal to the mobile device 212. The signal is decoded at the mobile device 212. The decoding includes determining pulses in the signal and converts at least some of the pulses to characters.

In another embodiment of the present invention, a method is provided for conducting a financial transaction with a financial transaction card using the integrated read head system 210.

In one embodiment of the present invention, as illustrated in FIG. 18, a method of paying a second party (payee) is provided. In this embodiment, a first party (payer) views the names of one or more qualified second parties. The qualified second parties are second parties that, (i) have an association with the payment service, and (ii) second parties that if they do not have an established association with the payment service then they have established one prior to payment. The first party has an association with the payment service. A tab is opened by the first party that can be selected by the qualified second party at any geographic location of a first party's mobile device 100. The qualified second party is only able to charge a first party's financial account when the first party's mobile device 100 is within a defined geographic area. The tab is a relationship between the first party, the payment service and the qualified second party, The qualified second party can engage in a financial transaction with the first party is within the defined geographic area. The overall architecture of the payment system is illustrated in FIG. 19.

The first party's mobile device 100 is configured to communicate with the payment service. The first party views the names of the one or more qualified second parties with the first party's mobile device 100. The first party establishes the first party's financial account. The first party enters financial account information with a single initial entry to the payment service and additional entries of the financial account information to the payment service are not required for future financial transactions between the first party and any qualified second party when the same payment service is used.

The financial account is selected from at least one of, a bank account, credit card, debit card, pre-paid card, a second party financial account and the like. The financial account is selected by the first party by at least one of, use of a mobile device 100, from a bank terminal, done on-line and the like. The first party's financial account can be a financial transaction card, and the entering of the first party's financial card information is with a mobile device 100. Entering of the financial card information can be done by, swiping the financial transaction card through a slot of a card reader coupled to the mobile device 100, through a slot of the mobile device 100, by touch of the financial transaction card to the mobile device 100, by typing in information at the mobile device 100, with photos, by selecting a card from an application on a mobile device 100, from an on-line entity and the like. The mobile device 100 is a device as described above.

The qualified second party can see a list of first parties that have an association with the payment service. The qualified second party can view a list of first parties with open tabs. The list of first parties seen by the qualified second party has first party identifying information. The identifying information is anything that reliably identifies the first party and can include, but is not limited to, names, photos, cell number, social security number, e-mail address, other personal identifying information for a first party and the like.

In another embodiment, a method of paying a second party a first party views the names of one or more qualified second parties with a mobile device 100. Preferably, the mobile device 100 is the first party's mobile device 100. A tab is then opened by the first party as recited above that can be selected by the qualified second party at any geographic location of the first party's mobile device 100, but the qualified second party is only able to charge a first party's financial transaction card when the first party's mobile device 100 is within a defined geographic area In one embodiment, the mobile device 100 is coupled to a card reader that includes an output jack adapted to be inserted at least one of the audio input port or microphone input port, USB port and the like of the mobile device 100 and delivers a signal to the mobile device 100. In various embodiments, the sampling rate of the signal at the audio input port or a line input port of the mobile device 100 is at least 15 kHZ, 20 kHz., 30 kHz, 40 kHz and the like.

Entering of the financial card information can be achieved by a variety of methods including but not limited to, swiping the financial transaction card through a slot of a card reader coupled to the mobile device 100, through a slot of the mobile device 100, with a touch of the financial transaction card to the mobile device 100, typing in information at the mobile device 100, with photos, selecting a card from an application on a mobile device 100 and from an on-line entity and the like.

A confirmation of payment can be made to the first party in response to a transfer of funds from the financial transaction card. In various embodiments, the financial transaction card is selected from at least one of, credit financial transaction card, debit financial transaction card, gift financial transaction card, fund transfer financial transaction card, other types of payment authenticating piece capable of carrying out a transfer of funds and the like, as set forth above.

In another embodiment of the present invention, illustrated in FIG. 20, a method is provided of conducing on-line purchases using a mobile device 100. A first party visits a second party on-line entity. The first party accesses a second party on-line entity. The first party is already registered with the payment service or becomes registered prior to the conclusion of completing a transaction. The mobile device 100 is configured to communicate with the payment service. The first party considers conducting a transaction with the second party on-line entity. The second party on-line entity is registered with the payment service, or in response to the first party's desire to transact with the second party on-line entity, the second party on-line entity becomes registered with the payment service. The first party enters personal identifying information that is sent to the payment service. In response, the first party receives a push notification to the first party's mobile device 100 that enables the first party to complete the transaction with the second party on-line entity.

In various embodiments, the first party's personal identifying information is entered by at least one of, use of a mobile device 100, from a bank terminal, done on-line and the like. For the transaction, the first party uses the first party's financial account. The first party enters financial account as recited above, which does not require re-entry with the payment service for future transactions with second parties that are also registered with the payment service.

In one embodiment, the first party uses the first party's financial transaction card for the transaction where the card information is entered to the payment service as recited above. Additionally, the first party enters it's personal indentifying information with the payment service only once as recited above and need not re-enter for second party transactions.

In various embodiments, the on-line entity is any second party that can transact business with the payment service including but not limited to, merchants, peers and the like.

In one specific embodiment, the first party enters its personal identifying information, that is sent to the payment service, using the first party's mobile device 100. In this embodiment, the first party can use a first party financial card to complete the transaction. The first party's mobile device 100 is coupled to a card reader that includes an output jack adapted to be inserted at least one of the audio input port or microphone input port, USB port and the like, of the mobile device 100 and delivers a signal to the mobile device 100.

In another embodiment of the present invention, illustrated in FIG. 21, a method is provided for transferring funds to and/or from the first party's financial account. The first party's financial account information is entered with a single initial entry to the payment service. Funds are transferred to and/or from the first party's financial account using the payment service. The funds can be transferred to the first party, or to second parties. The first party's financial account, including but not limited to a financial transaction card can be the destination of the funds. A simple swipe of the first party's financial transaction card can make the financial transaction card a funding source. The first party is either registered with the payment service, or becomes registered prior to the transfer of funds to and/or from the financial account using the payment service. For future uses of the first party's financial account, to transfer funds to and/or from the first party's financial account, the first party's financial account information need not be re-entered again with the payment service.

In another embodiment, funds are transferred from the first party's financial account to a second party using the payment service.

In one embodiment, the second party is already registered with the payment service or becomes registered with the payment service prior to the transfer of funds from the first party. In another embodiment, the second party is not registered with the payment service.

In one specific embodiment, funds are transferred to and/or from the first party's financial account using the payment service, e.g., to the first party or to a second party, where the financial account is a bank account, credit card, debit card, pre-paid card, a third party funding source and the like. In another specific embodiment,

In another embodiment, the first party's financial card is entered with a single initial entry to the payment service using a mobile device 100. Again, for future uses of the first party's financial transaction card to transfer funds using the payment service to a second party, the first party's financial transaction card information need not be entered again.

Again, the entering of the financial card information to the payment service can be achieved by, swiping the financial transaction card through a slot of a card reader coupled to the mobile device 100, through a slot of the mobile device 100, with a touch of the financial transaction card to the mobile device 100, typing in information at the mobile device 100, with photos, selecting a card from an application on a mobile device 100, from an on-line entity and the like.

In another embodiment of the present invention, a method of conducting a financial transaction includes the first party's financial account information being entered once, e.g, with a single initial entry to the payment service. For future uses of the first party's financial account to transfer funds using the payment service to a second party, the first party's financial account information need not be entered again with the payment service. The second party's personal identifying information is entered. Funds are transferred from the first party's financial account to an account of the second party with the use of the payment service.

In another embodiment, the first party's financial transaction card information is entered with a single initial entry to the payment service. Again, for future uses of the first party's financial transaction card to transfer funds using the payment service to a second party, the first party's financial account information need not be entered again with the payment service. The second party's personal identifying information is entered and funds are transferred from the first party's financial account to an account of the second party with the use of the payment service.

In various embodiments, (i) the second party has an association with the payment system, (ii) the first party and the second party each have an association with the payment system, (iii) the first party has an association with the payment system but the second party does not.

In one embodiment, the first party uses a send money mode of the first party's mobile device 100. In various embodiments, the second party is (i) anybody on the first party's phone list, (ii) not on the first party's phone list but is added to the first party's phone list in response to a transaction, (iii) the second party has an association with a payment system or is a database of the payment system, (iv) the second party does not have an association but then has one in response to a text message or equivalent sent to the second party, and the like. In response to the text message, the second party either accepts or rejects.

In another embodiment, the first party's financial transaction card information is entered with a single initial entry to the payment service. Again, for future uses of the first party's financial transaction card information to transfer funds using the payment service to a second party, the first party's financial account information need not be entered again with the payment service. The second party's mobile device 100 number is entered in the first party's mobile device 100. In response, funds are transferred from the first party to an account of the second party.

In one embodiment of the present invention, the read head 310 reads track 1 of the financial transaction card. Track 1 is 210 bytes per inch and is more difficult to decode than track 2. In one embodiment of reading track 1, the signal is interpreted and transferred at a constant rate 2400 baud.

In another embodiment, the read head 310 is configured to be positioned to provide for rotation of up to 10 degrees while still registering on a track to be read. The location of the read head 310 relative to the mobile device 312, and the microphone port of the mobile device 312, is off set from a center of track 1 in order to bias it to a bottom of track 1. As a non-limiting example, the offset can be 0.05 inches in the direction x and 0.040 inches in the y direction.

In another embodiment, illustrated in FIG. 22, a spring member 314 is attached to the read head 310 that provides for increased accuracy and read head 310 adjustment by creating less friction on the financial transaction card. The spring member 314 can be softer and be a one leaf design retained on only one side. The spring member 314 can be a cantilever spring member 314 with a pre-load onto an opposing wall on a back bone at an angle of about 3-7 degrees to ensure that the read head 310 is substantially perpendicular to the magnetic strip when the financial transaction card is read. The spring member 314 can be part of a sub-assembly 316 that is coupled to a PCB 318 at one end and coupled to the back bone 320.

In one embodiment, the mobile device 312 provides encryption and authentication. In this embodiment, each card reader 322 can have a unique key that can be included in the microprocessor 324 of the PCB 318. The financial transaction card is swiped and the signal interpreted. The microprocessor 324 than encrypts the data using a HWID and counter. The signal is encrypted when received at the mobile device 312 with an ID and counter. The signal sent to the back end 326 of the payment system where the identification of the read head 310 is determined and the signal is decrypted.

At the back end 326, the payment system can use HWID and decode the encrypted signal from the mobile device 312 using a hard function decode. Using HWID, encrypted hash function decode, the complete CC with CRC is reconstructed which is then sent to a payment gateway 328 as illustrated in FIG. 23. An acknowledgement of a good or bad transaction is then sent back to the mobile device 312.

As illustrated in FIG. 24, the output from a read of the track goes to an amplifier, differentiator, into a comparator and then into a microcontroller. The output to the comparator is analog, and digital into the microcontroller and into the mobile device 312.

Several fields of cardholder information are sent to the server at the back end 326 in either an encrypted or authenticated format. In one embodiment, the protocol has several fields: length of message, counter, hardware id, authenticated message length, issue type, last 4 digits of the financial transaction card, cardholder name, PAN number, expiration date, service code, and an authentication tag.

Referring to FIG. 25, in various embodiments, the card reader 322 accepts a raw signal from the read head 310 and processes the financial transaction card read on the fly. A CRC check is performed. The buyer's name, type of financial transaction card from the ABA table, and the last four numbers of the financial transaction card are in an encrypted packet forwarded to the mobile device 312. In one embodiment part of the CC that are encrypted and parts are authenticated. In one specific embodiment, a 2400 baud 8-N-1 serial protocol is used in the packet sent to the mobile de vice. The mobile device 312 interprets the 2400 baud serial transmission and sends an encrypted packed with other financial transaction card information to the backend 326 of the payment system.

Referring to FIG. 26, in one embodiment, the slot of the read head 310 has directionality. In one embodiment, the slot has a wider entrance track and the read head 310 is biased in one direction. These enables a user to rock the financial transaction card through the slot more in one direction that in the other. In one embodiment, the slot can have a wider entrance track and the read head 310 is biased in one direction. These enables a user to rock the financial transaction card through the slot more in one direction that in the other.

The read head 310 can include a power source 330 as illustrated in FIG. 27. The power source 330 can be a battery coupled to the microprocessor 324. In another embodiment, power to the read head 310 is provided by the mobile device 312. In one embodiment, wake-up detection is provided and the power source 330 is in a sleep mode until a swipe of a transaction card is initiated.

In one embodiment, the read head 310 is a four piece plastic mold. The spring member 314 can be soldered onto the PCB 318 to form the sub-assembly 316.

As a non-limiting example, the read head housing 330 can be heat-staked onto the back side of the backbone 320. The battery 330 can be attached to the front side of the backbone 320 with PSA. With the front cover, it can be attached to the backbone 320 using ultrasonic welding. A TRS connector can be placed onto the back bone and the connection soldered to the PCB 318. The back cover can be attached to the backbone 320 to complete the assembly.

In various embodiments, the card reader 322 is coupled to various ports of the mobile device 312, including but not limited to the microphone port, the USB port, accessory port.

In another embodiment, the card reader is coupled to other ports of the mobile device 100, including but not limited to the USB port, accessory port and the like.

In one embodiment of the present invention, a method is provided of conducting a financial transaction with reduced likelihood of fraud. A financial transaction is entered into using a first party's financial transaction instrument to transfer funds. The first party's financial transaction instrument information is sent externally to the mobile device 100. The financial transaction instrument information is sent from the financial transaction instrument such as a mobile device 100 to a payment system. A determination is made to see if there is fraudulent use of the financial transaction instrument 100 prior to completion of the financial transaction. The mobile device 100 can be a merchant's mobile device 100. The determination of fraudulent use can be made either at the mobile device 100 or the payment system. In one embodiment, the first party's financial transaction instrument information is only sent once to the mobile device 100 and need not be done again for future purposes.

The financial transaction instrument 100 is selected from at least one of those listed above, as well as a person's financial account and the like.

In one embodiment, a location identifier is received from a position-sensing device indicating a location where the request is submitted or information that can lead to identification of the location where the request is submitted. The position-sensing device can be selected from a group of eligible devices. Information identifying the selected position-sensing device can be received by the request processor in advance of the request processor receiving the submitted request; and determining whether to service the request based at least in part on the received location identifier or information. The submission device can be embodied in an apparatus separate from an apparatus housing the position-sensing device. The submission device and the position-sensing device can be integrated in the mobile device 100.

In another embodiment, the first party's financial account information is entered using the first party's mobile device 100 with a single initial entry to a payment service. Funds are transferred to and/or from the first party's financial account using the payment service. The first party is registered with the payment service, or becomes registered prior to transferring funds to and/or from the financial account using the payment service. For future uses of the first party's financial account to transfer funds to and/or from the first party's financial account, the first party's financial account information need not be entered again with the payment service. In response to, (i) entering the first party's financial account information or (ii) using the first party's mobile device 100 for a financial transaction following the single initial entry to the payment service, a determination is made to see if a fraudulent attempt or fraudulent use of the first party's financial account information is committed.

In another embodiment, the first party's financial account information is entered using the first party's mobile device 100 with a single initial entry to a payment service. Funds are transferred from the first party's financial account to a second party using the payment service. The first party is either registered with the payment service, or becomes registered prior to transferring funds to and/or from the first party's financial account using the payment service. For future uses of the first party's financial account to transfer funds to and/or from the first party's financial account, the first party's financial account information need not be entered again with the payment service. In response to, (i) entering the first party's financial account information or (ii) using the first party's mobile device 100 for a financial transaction following the single initial entry to the payment service, a determination is made to see if a fraudulent attempt or fraudulent use of the first party's financial account information is committed.

In another embodiment, the first party's financial account information is entered using the first party's mobile device 100 with a single initial entry to the payment service. The first party's financial account is selected from at least one of, a bank account, credit card, debit card, pre-paid card and a third party funding source. Funds are transferred to and/or from the first party's financial account using the payment service. The first party is either registered with the payment service, or becomes registered prior to transferring funds to and/or from the financial account using the payment service. For future uses of the first party's financial account to transfer funds to and/or from the first party's financial account, the first party's financial account information need not be entered again with the payment service. In response to, (i) entering the first party's financial account information or (ii) using the first party's mobile device 100 for a financial transaction following the single initial entry to the payment service, a determination is made to see if a fraudulent attempt or fraudulent use of the first party's financial account information is committed.

In another embodiment, a first party's financial account information is entered using the first party's mobile device 100 with a single initial entry to a payment service. The first party's financial account is selected from at least one of, a bank account, credit card, debit card, pre-paid card and a third party funding source. Funds are transferred from the first party's financial account to a second party using the payment service. The first party is registered with the payment service, or becomes registered prior to transferring funds to and/or from the first party's financial account using the payment service. For future uses of the first party's financial account to transfer funds to and/or from the first party's financial account, the first party's financial information need not be entered again with the payment service. In response to, (i) entering the first party's financial account information or (ii) using the first party's mobile device 100 for a financial transaction following the single initial entry to the payment service, a determination is made to see if a fraudulent attempt or fraudulent use of the first party's financial account information is committed.

In another embodiment, a first party's financial transaction card information is entered using the first party's mobile device 100 with a single initial entry to a payment service. For future uses of the first party's financial transaction card to transfer funds to and/or from the first party's financial transaction card, the first party's financial transaction card information need not be entered again with the payment service. In response to, (i) entering the first party's financial transaction card information or (ii) using the first party's mobile device 100 for a financial transaction following the single initial entry to the payment service, a determination is made to see if a fraudulent attempt or fraudulent use of the first party's financial account information is committed.

In another embodiment, a first party's financial transaction card information is entered using the first party's mobile device 100 with a single initial entry to a payment service. Funds are transferred from the first party's financial transaction card to a second party using the payment service. The first party is registered with the payment service, or becomes registered prior to transferring funds to and/or from the first party's financial transaction card using the payment service. For future uses of the first party's financial transaction card to transfer funds to and/or from the first party's financial transaction card, the first party's financial transaction card information need not be entered again with the payment service the first party's financial. In response to, (i) entering the first party's financial transaction card information or (ii) using the first party's mobile device 100 for a financial transaction following the single initial entry to the payment service, a determination is made to see if a fraudulent attempt or fraudulent use of the first party's financial account information is committed.

In another embodiment, a first party accesses names of one or more qualified second parties. The qualified second parties are defined as second parties having an association with the payment service, and second parties that if they do not have an established association with the payment service, have an established association with the payment service prior to payment. The first party has an association with the payment service. A tab is opened by the first party that can be selected by the qualified second party at any geographic location of a first party's mobile device 100. The qualified second party is only able to charge a first party's financial account when the first party's mobile device 100 is within a defined geographic area. The tab is a relationship between the first party, the payment service and the qualified second party. The qualified second party can engage in a financial transaction with the first party when the first party is within the defined geographic area. In response to the second party, (i) attempting to charge the first party or (ii) charging the first party, a determination is made to see if a fraudulent attempt or fraudulent use of the first party's financial account is committed.

In another embodiment, names of one or more qualified second parties are accessing by the first party with the first party's mobile device 100. The second parties have an association with the payment service, or if not have one prior to payment. The first party has an association with the payment service. A tab is opened by the first party that can be selected by the qualified second party at any geographic location of the first party's mobile device 100. The qualified second party is only able to charge a first party's financial transaction card when the first party's mobile device 100 is within a defined geographic area. The qualified second party can engage in a financial transaction with the first party when the first party is within the defined geographic area. In response to the use of the first party's mobile device 100 to pay the second party, a determination is made to see if a fraudulent attempt or fraudulent use of the first party's financial transaction card is committed.

In another embodiment, a first party accesses a second party on-line entity. The mobile device 100 is configured to communicate with the payment service. The first party considers conducting a transaction with the second party on-line entity. The second party on-line entity is registered with the payment service or in response to the first party's desire to transact with the second party on-line entity, the second party on-line entity becomes registered with the payment service. The first party enters personal identifying information that is sent to the payment service. The first party receives a push notification to the first party's mobile device 100 that enables the first party to complete the transaction with the second party on-line entity. In response to the first party receiving the push notification to the first party's mobile device 100, a determination is made to see if a fraudulent attempt or fraudulent use of the first party's financial transaction card is committed.

In another embodiment, a first party visits a second party on-line entity. The first party considers conducting a transaction with the second party on-line entity. The first party enters personal identifying information using the first party's mobile device 312 and this is sent to the payment service. The first party receives a push notification of the first party's mobile device 312 that enables the first party to complete the transaction with the second party on-line entity. In response to the first party receiving the push notification to the first party's mobile device 312, a determination is made to see if a fraudulent attempt or fraudulent use of the first party's financial transaction card is committed.

Referring now to FIG. 28, a mobile device 412 can include a position sensor 416. In this embodiment, the mobile device receives financial transaction card information by any of the methods listed above. The financial transaction card information is sent from the mobile device to a payment system for processing. The mobile device 412 can be capable of transmitting position information to the payment system and can include a position sensor 416 configured to detect a position of the mobile device and send this position information to the payment processing system via a variety of methods including but not limited to wireless and the like. Mobile device 412 can send the financial card transaction information substantially simultaneously and position information to payment system. Payment system 414 can includes an associated database of permissible and/or impermissible use areas for a particular user's mobile device 412.

Payment system 414 can be configured to check position information of the mobile device 412 against the permissible and/or impermissible use areas for each user, and thereby determine if the device is being used in an impermissible use area for the user. If so, the payment system 414 is configured to indicate that a possibility of fraud exists in the pending transaction. If the possibility of fraud is detected, the system may be configured to take an action, such as preventing fulfillment of the transaction due to the possibility of fraud.

The payment system 414 can be as described above and can include a conventional computing system with storage medium having programming instructions designed to implement the present invention, and one or more processors to execute the programming instructions.

In one embodiment, when a financial transaction cardholder is issued a financial transaction card, the cardholder may be asked to give the geographic location of their home and office, as well as any other locations that the cardholder frequently place on-line orders and use the credit card. This information may be obtained during the application process or on an ongoing basis. The information may be entered into a database.

Thus, when a financial transaction is conducted using a mobile device 412 current location information can be provided to the payment system 414 where a check can be performed for whether the financial transaction is being conducted from a permissible location. If the financial transaction is not being conducted from a permissible location, the financial transaction may be rejected. Additionally, a warning in the form of a message and/or a call may be provided to the financial transaction cardholder.

Referring to FIG. 29, in another embodiment, a card reader 416, which can be any of the card readers described herein, can include a position sensor 416. In a financial transaction, the position of the card reader 416 is determined when a financial transaction is entered into, wherein financial card transaction information can be sent to the mobile device 412, and then sent to payment system 414.

The payment processing system 414 can detect the position of the card reader 418 and therefore, the position of the payment device in a payment device-present transaction

In another embodiment, a position sensing device 420 can be included. The position-sensing device 420 can be configured to send position information to a position tracking system 422. The communication link between position tracking system 422 and position-sensing device 420 may be a satellite link such as used in a global positioning satellite system, radio frequency link, optical link such as infrared, or virtually any other communication link suitable for use in position detection.

As shown in FIG. 30, a security device-present transaction system 424 can be utilized and can utilize location indicators, alone or in combination with other parameters, to determine the security clearance for access to a particular secured location. Security device-present transaction system 424 can include a security device 426 configured to be read by a security device reader 428. Security device 426 may be a card or badge encoded with security information, such as an access code, a mobile device, a card reader and the like, configured to transmit security information to security device reader 424 via an infrared or other communication link. Further, the security device may be any other device capable of providing the appropriate security and position information to security device reader 424. In particular, security device 426 may include a position sensor 416, configured to transmit information about its relative geographical location.

Security access control system 430 is further configured to detect the location or position of security device 426 and/or security reader 428 by the position information received from position sensor 416. Alternatively, the security access control system 430 can be configured to detect the position of the security device reader (and therefore the position of the security device in a device-present transaction), by resolving a security identifier using a database of known security identifier locations. For example, the security identifier 1234567 may correspond to a gated entrance to a secured building.

In order to detect an improper use of security device 426, security access control system 430 is configured to compare the position of position-sensing device 416 the location or position of a current transaction involving security device 426 (i.e., the location or position of security device 426 and/or security device reader 428). If the locations of the position-sensing device 416 and the security device 426 are different, or alternatively, if the locations of position-sensing device 416 and security reader 428 are different, then the security access control system is configured to determine that there is a possibility of improper use of the security device in the current transaction.

Upon determining the possibility of improper use, the system 430 is configured to take a designated action, such as warning a security attendant and/or by automatically locking an entrance to a secured area.

The security control system may be implemented with conventional computing system with storage medium having programming instructions designed to implement the present invention, and one or more processors to execute the programming instructions.

In one embodiment of the present invention, illustrated in FIGS. 16( b) 16(c), 31 and 32, a card reader, generally denoted as 510, is provided that includes a housing 512 and a read head 514 positioned therein. The read head 514 is configured to be coupled to a mobile device 516 and includes a slot 518 for swiping a magnetic stripe of a card 520. In one embodiment, the card reader 510 with the slot 518 is utilized for a transaction between a buyer and seller. The read head 514 reads data on the magnetic stripe and produces a raw magnetic signal indicative of data stored on the magnetic stripe.

Referring now to FIGS. 33 and 34, device electronics 522 are provided that include an analog to digital front-end 524 and a microcontroller 526. The analog to digital front end 524 is coupled to a processing element 528 in the microcontroller 526. The analog to digital front end 524 receives a raw magnetic head signal from the magnetic head 525, FIG. 35, and converts it into a processed digital signal that the microcontroller 526 can interpret, with the microcontroller 526 producing a signal. An output jack 530 of the card reader 510 is adapted to be inserted in a port of the mobile device 516 and deliver an output jack signal to the mobile device 516.

The microcontroller 526 is configured to convert raw bit patterns into formatted credit card 520 information. The microcontroller 526 can independently determine if the card data is valid. The card reader 510 can accept motion of the card 520 bi-directionally at either end of the slot 518 and at varying velocities as it is swiped through the slot 518. In one embodiment, the mobile device 516 detects the card reader 510 as a microphone.

In various embodiments, the output jack signal is an encrypted output jack signal, and encrypted and signed output jack signal and the like. The signal from the microcontroller 526 can be the output jack signal. The output jack signal can be a synchronous Manchester encoded stream, an asynchronized stream and the like. In one embodiment, the output jack signal is at a frequency that the output jack signal appears to look AC to a microphone input of the mobile device 516. In one embodiment, a frequency of the output jack signal is 2 KHz to 48 kHz, and in another it is 2.4 kHz. The output jack signal can be a low-amplitude analog waveform.

In one embodiment, the read head 514 sends the output jack signal to the mobile device 516 at a constant baud rate. As a non-limiting example, the constant baud rate is 2400 to 9200 baud.

In one embodiment, the microcontroller 526 has a non-volatile memory with a size of 2-8 kbytes, and RAM with a size 128-512 bytes. In an embodiment, the analog to digital front end 524 is configured to capture card 520 readings that are swept at a rate of 5 inches to 50 inches per second.

In one embodiment, the analog to digital front end 524 includes, an amplifier or amplifier/filter, (collectively 532) (FIG. 36), differentiator 534 (FIG. 37), a comparator 536 (FIG. 38) and can include have wake-up electronics 538 (FIG. 39) which can be a wake-up circuit. A power source 540 (FIGS. 40 and 41), including but not limited to a battery, can be coupled to the wake-up electronics 538. The wake-up electronics 538 signals the microcontroller 526, which in turn puts the device electronics 522 into an active mode from a sleep mode and back into the sleep mode when a card 520 swipe signal stops. The wake-up electronics 538 is powered down by the microcontroller 526 when the device electronics 522 is in the active mode. In various embodiments the wake-up electronics 538, (i) utilize an op-amp, (ii) utilize an op-amp, a discrete transistor, and associated passive components and the like. Portions of the analog circuitry can be powered-down to conserve power when not in use, and automatically powered-up when the beginning of a card 520 swipe is detected.

In one embodiment, the wake-up electronics 538 are powered by a microphone bias of a mobile device 516. In another embodiment, the microphone-bias line is used both for power and for data transmission back to the mobile device 516.

The wake-up electronics 538 detects when there is an edge from leading zeros of a card 520 being swiped and alerts to wake up the microcontroller 526 and device electronics 522. The device electronics 522 wakes up in enough time to process and encrypt a card 520 swipe signal.

The device electronics 522 can include the amplifier/filter 532, differentiator 534, comparator 536, transmission electronics 542 (FIG. 42), the microcontroller 526 and optionally the wake-up electronics 538.

The raw magnetic head signal is amplified by the amplifier/filter 532 and processed before the microcontroller 526 accepts it as an input. The differentiator 534 takes the output of the amplifier/filter 532 and differentiates it, looking for peaks in the input signal. The comparator 536 takes the output of the differentiator 534 and compares it to a reference voltage and produces an output that is a processed digital version of a magnetic swipe. The comparator 536 looks for where an input signal crosses zero. The microcontroller 526 accepts the comparator 536 inputs, processes the comparator 536 inputs and encrypts at least a portion of data of the comparator 536 input. The microcontroller 526 controls power to the amplifier/filter 532, differentiator 534 and the comparator 536. The comparator 536 can be included as part of the microcontroller 526. The transmission electronics 542 accepts output data of the microcontroller 526 as an input and uses this to modulate a microphone-bias line of the mobile device 516.

In another embodiment, a method is provided of transmitting information to a mobile device 516 using the card reader 510. In this embodiment, the raw magnetic head signal is received at the analog to digital front end 524 and converted into a processed digital signal that the microcontroller 526 can interpret. The output jack signal is thereafter delivered to the mobile device 516.

In another embodiment, the card reader 510 includes a housing 512. The read head 514 is positioned in the housing 512 and is configured to be coupled to the mobile device 516. In this embodiment, the power supply is coupled to the wake-up electronics 538 and the microcontroller 526. The output jack 530 is adapted to be inserted in a port of the mobile device 516 and deliver the output jack signal to the mobile device 516. The wake-up electronics 538 is powered by a microphone bias of a mobile device 516.

In another embodiment, a method is provided of transmitting information to a mobile device 516. The read head 514 includes the power supply coupled to wake-up electronics 538 and the microcontroller 526. The wake-up electronics 538 is powered by a microphone bias of the mobile device 516.

In another embodiment, the card reader 510 includes a housing 512, a read head 514 positioned in the housing 512, the power supply coupled to wake-up electronics 538 and the microcontroller 526 and the output jack 530 adapted to be inserted in a port of the mobile device 516 and deliver an output jack signal to the mobile device 516.

In another embodiment, a method is of transmitting information to a mobile device 516. A card reader 510 is provided with a read head 514 that has a slot 518 for swiping a magnetic stripe of a card 520, a power supply, the card reader 510 including wake-up electronics 538 and a microcontroller 526, and a power supply coupled to the wake-up electronics 538 and the microcontroller 526. Data is read from the magnetic stripe. A raw magnetic signal is produced indicative of data stored on the magnetic stripe. The raw magnetic head signal is converted into a processed digital signal that the microcontroller 526 interprets. An output jack signal is thereafter sent to the mobile device 516.

In another embodiment of the present invention, illustrated in FIG. 42, a card reader 510 is provided with the housing 512 and the read head 514 positioned in the housing 512. The read head 514 includes the slot 518. The read head 514 is positioned, and configured, to accommodate rocking of a card 520 while being swept in the slot 518, and produce a successful read of the magnetic stripe of the card 520. In one embodiment, the rocking is in an amount of 1 to 10 degrees of rotation from the bottom surface of the card away to the bottom surface of the slot.

In various embodiments, the rocking can be, 2 to 10 degrees of rotation, 3 to 10 degrees of rotation, 4 to 10 degrees of rotation and the like.

The rotation can be in a direction of a plane of the card 520. Accommodation of rocking enables a bottom of the card 520 to be moved in a direction away from a bottom of the slot 518 while the card 520 is slid through the slot 518 (FIG. 44). In one embodiment, the read head 514 has a side where the output jack 530 extends with a width of no more than 5 mm.

In one embodiment, the slot 518 is configured to provide for directionality of card 520 swipe directions (FIG. 31). This can be achieved by, the slot 518 having a wider entrance track at one end to receive a card 520, providing direction indicia on the housing 512, and the like.

As illustrated in FIG. 44, in one embodiment, the read head 514 is biased in a direction to one edge of a magnetic track of the card 520 when the card is in the slot 518. The read head 514 can be biased to one edge of a magnetic track of the card 520 and to one side of the card slot 518. The result of this is that a card in the slot can be rotated more on one side of the card slot.

In another embodiment, a method is provided of transmitting information to a mobile device 516 with a small reader 510. The card reader 510 has length and height dimensions that are less than length or height dimensions of a coupled mobile device 516 (FIG. 16( b)). A card 520 is slid in the slot 518, data is read from the magnetic stripe, a raw magnetic signal indicative of data stored on the magnetic stripe is produced, and the raw magnetic head signal is processed into a processed digital signal that the microcontroller 526 can interpret. Rocking of the card 520 in the slot 518 is accommodated with a successful read of the magnetic stripe of the card 520. The rocking is in an amount of 1 to 10 degrees of rotation of a bottom surface of the card 520 away from a bottom surface of the slot 518. An output jack signal is thereafter sent to the mobile device 516.

Referring now to FIG. 45, in another embodiment of the present invention, a card reader 510 includes a housing 512 with length, height and width dimensions. A read head 514 is positioned in the housing 512. The read head 514 is configured to be coupled to a mobile device 516. The read head 514 has a slot 518 for swiping a magnetic stripe of a card 520. The read head 514 reads data on the magnetic stripe and produces a signal indicative of data stored on the magnetic stripe. An asymmetric spring 544 is coupled to the read head 514. The asymmetric spring 514 positions the read head 514 to be offset in the housing 512, with the housing length and height edges being non-symmetrical in respect to the length and height edges of the read head 514. An output jack 530 is adapted to be inserted in a port of the mobile device and deliver an output jack signal to the mobile device;

The asymmetric spring 544 can be a cantilever with a pre-load onto an opposing wall on a back bone to provide that the read head 514 is substantially perpendicular to the magnetic strip of the card 520 when the card 520 is read by the read head 514. The asymmetric spring 544 can be configured to provide read head 514 positional adjustment when a card 520 is in the card reader slot 518. Accommodation of rocking enables a card 520 to be moved in a direction away from a bottom of the slot 518 while the card 520 is slid through the slot 518. The asymmetric spring 544 can be attached at a single point to a side of the housing 512.

In one embodiment, the asymmetric spring 544 angles the read head 514 to create an angled read head 514. This provides that when a card 520 is inserted in the slot 518 the read head 514 is parallel to the card 520. The angled head is substantially parallel with a card 520 as it is swiped through the slot 518.

As illustrated in FIG. 44, the asymmetric spring 544 shifts the read head 514 off center relative to the housing 512. In various embodiments, offsetting of the read head 514, (i) increases successful card 520 readings when the card 520 is rotated about a corner of a bottom of the slot 518; (ii) allows the card 520 to be rotated at a greater angle while still keeping the read head's active area on the magnetic track of the card 520; (iii) allows for more card 520 rotation by the user as the card 520 is swept through the slot 518; and the like.

In one embodiment, the read head 514 is shifted up with respect to a center line of the magnetic track. The card 520 can be rotated farther off a bottom of the slot 518 before a read head active area is no longer on the magnetic track of the card 520. In various embodiments, the read head 514 is configured to be positioned to, (i) be offset from a center of track 1 or track 2 of the card 520; provide up to 10 degrees of rotation and still register on track 1 or track 2 of the card 520, and the like.

As shown in FIG. 44, in one embodiment, the read head 514 is positioned away from the center point of the housing 512. The read head 514 is offset from track 1 of the card 520 when the card 520 is positioned in the slot 518 and is in contact with a bottom of the slot 518. Offsetting the read head 514 from track 1 of a card 520 is used to bias the slot 518 to a bottom of track 1 of the card 520. When the read head 514 is offset the user is provided with a flexibility to move the card 520 in a direction away from a bottom of the slot 518 as the card 520 is slid.

By offsetting, the housing 512 has a bottom surface that is adjacent to the mobile device 516, and the read head 514 is positioned in the housing 512 to be non-parallel to the bottom surface and the associated surface of the mobile device 516. Off setting provides a higher success rate of swipes achieved with rotation of the card 520 in the slot 518.

In one embodiment, the device electronics receives a raw signal from the read head 514 and converts it into a process digital signal that the microcontroller 526 can interpret. The microcontroller 526 has associated logic resources and code that receives a digital signal from the device electronics 522 and creates an encrypted and signed message based on the contents of the signal. The output jack 530 delivers an encrypted and signed output jack signal to the mobile device 516, with at least a portion of the output jack signal being encrypted. The message created can contain both encrypted and non-encrypted data, and a signature that can be used to verify that the data has not been modified.

In one embodiment, the microcontroller code uses a block cipher for encryption and signing. In one embodiment, the microcontroller uses the CCFB+H cipher mode for encryption and signing. Some embodiments of the encryption logic are described in Two-Pass Authenticated Encryption Faster than Generic Composition, S. Lucks, University of Mannheim, Germany; http://th/informatic-uni-mannheim/de/people/lucks/; and Comparing Block Cipher Modes of Operation on MICAz Sensor Nodes, G. Bauer et al., Institute for Applied Information Processing and Communications, Gran University of Technology, both fully incorporated herein by reference.

The microcontroller code can include a unique identifier and cryptographic key. The code can inspect itself to see if it, its cryptographic key, or its identifier has been modified. In one embodiment, the code includes countermeasures to detect tampering and attacks on the card reader.

In one embodiment, the card reader 514 disables itself when modification or tampering is detected. In one embodiment, the code is no more than 8 kilobytes in size.

The cryptographic key can be expanded before programming, and the microcontroller code does not include or require key expansion functionality. The microcontroller can be configured to recalculate the bit period in real time to capture variable-speed swipes. In one embodiment, the microcontroller is configured to parse and error-check card data. Additionally, the microcontroller can be configured to run periodic checksums on code and memory.

In one embodiment, the microcontroller uses thresholds to filter out erroneous data and/or false edges. The microcontroller can be configured to determine 1's and 0's by checking the frequency of polarity changes within a bit period.

In one embodiment, the microcontroller 526 is configured to produce a synchronous Manchester encoded stream that makes a greater number of 0 crossings. The output jack 530 is adapted to be inserted in a port of the mobile device 516 and deliver a Manchester encoded stream via the output jack 530 to the mobile device 516.

The number of 0 crossings is sufficient to simulate a signal with a sufficiently high frequency so that the mobile device's active filter does not cut off the output jack signal. AC coupling/filtering can be applied to the output jack signal.

Referring to FIG. 46, in another embodiment a method of reconstructing a packet that includes financial card information from a mobile device uses a card reader 510 with a read head 514 and a slot 518 for swiping a magnetic stripe of a card 520. Device electronics 522 includes a microcontroller 526 with logic resources with code. The card reader 514 has a unique identifier and associated cryptographic key. The same code is used to produce an encrypted and signed signal. The encrypted and signed signal, that includes the card reader identifier, is delivered to the mobile device 516. The mobile device 516 sends an encrypted and signed packet to a back end of a payment system. A cryptographic key is used to decrypt and verify the contents of the packet at the back end. Non-encrypted card 520 information is sent to a payment gateway.

The packet can contain both encrypted and non-encrypted data. The signature can be used to verify that the data has not been modified. In one embodiment, the encrypted and signed packet includes an identifier that is unique to the card reader 510. The cryptographic key associated with the card reader 510 is derived from a master secret and the card reader's unique identifier. The master secret can be created in a hardware security module and never transmitted to or shared with the card reader 510 manufacturing facility, payment gateway, mobile devices, or any other third party.

The back end derives the cryptographic key used to encrypt a packet based on the unique identifier contained within the packet. In one embodiment, the back end uses a block cipher algorithm to decrypt and verify the contents of the packet, and the CCFB+H cipher mode to decrypt and verify the contents of the packet.

An acknowledgment of successful or unsuccessful transactions can be sent from the back-end to the mobile device. Selected information about the packet and transaction can be stored at the back-end and used for data mining. The stored information can be used for communicating to a purchaser relative to the purchaser's purchasing history and activity.

In one embodiment, the encrypted and signed signal is created by the microcontroller 526 with no more than 8 kilobytes of code. The microcontroller 526 can be used to recalculate a bit period in real time to capture variable-speed swipes. Additionally, the microcontroller 526 can be used to parse and error-check card 520 data. In one embodiment, the microcontroller 526 is used to run periodic checksums on code and memory.

Thresholds can be used to filter out erroneous data and/or false edges. The microcontroller 526 can be used to determine 1's and 0's by checking the frequency of polarity changes within a bit period.

The foregoing description of various embodiments of the claimed subject matter has been provided for the purposes of illustration and description. It is not intended to be exhaustive or to limit the claimed subject matter to the precise forms disclosed. Many modifications and variations will be apparent to the practitioner skilled in the art. Particularly, while the concept “component” is used in the embodiments of the systems and methods described above, it will be evident that such concept can be interchangeably used with equivalent concepts such as, class, method, type, interface, module, object model, and other suitable concepts. Embodiments were chosen and described in order to best describe the principles of the invention and its practical application, thereby enabling others skilled in the relevant art to understand the claimed subject matter, the various embodiments and with various modifications that are suited to the particular use contemplated. 

1. A method of reconstructing a packet that includes financial card information from a mobile device, comprising: providing a card reader with a read head, a slot for swiping a magnetic stripe of a card and device electronics that includes a microcontroller with logic resources with code, the card reader having a unique identifier and associated cryptographic key, using the same code to produce an encrypted and signed signal; and delivering the encrypted and signed signal that includes the card reader identifier to the mobile device with the mobile device sending an encrypted and signed packet to a back end of a payment system; using a cryptographic key to decrypt and verify the contents of the packet at the back end; and sending non-encrypted financial card information to a payment gateway.
 2. The method of claim 1, wherein the packet can contain both encrypted and non-encrypted data, as well as a signature that can be used to verify that the data has not been modified.
 3. The method of claim 1, wherein the encrypted and signed packet includes an identifier unique to the card reader.
 4. The method of claim 1, wherein the cryptographic key associated with a card reader is derived from a master secret and the card reader's unique identifier.
 5. The method of claim 1, wherein the master secret is created in a hardware security module and never transmitted to or shared with the card reader manufacturing facility, payment gateway, mobile devices, or any other third party.
 8. The method of claim 1, wherein the microcontroller uses a block cipher algorithm for encryption.
 9. The method of claim 1, wherein the microcontroller uses the CCFB+H cipher mode for encryption and authentication.
 10. The method of claim 1, wherein the back end derives the cryptographic key used to encrypt a packet based on the unique identifier contained within the packet.
 11. The method of claim 1, wherein the back end uses a block cipher algorithm to decrypt and verify the contents of the packet.
 12. The method of claim 1, wherein the back end uses the CCFB+H cipher mode to decrypt and verify the contents of the packet.
 13. The method of claim 1, further comprising: sending acknowledgment of successful or unsuccessful transactions from the back-end to the mobile device.
 14. The method of claim 1, further comprising: storing selected information about the packet and transaction at the back-end.
 15. The method of claim 14, wherein the stored information is used for data-mining.
 16. The method of claim 14, wherein the stored information is used for communicating to a purchaser relative to the purchaser's purchasing history and activity.
 17. The method of claim 1, wherein the encrypted and signed signal is created by the microcontroller with no more than 8 kilobytes of code.
 18. The method of claim 1, further comprising: using the microcontroller to recalculate a bit period in real time to capture variable-speed swipes.
 19. The method of claim 1, further comprising: using the microcontroller to parse and error-check card data.
 20. The method of claim 1, further comprising: using the microcontroller to run periodic checksums on code and memory.
 21. The method of claim 1, further comprising: using thresholds to filter out erroneous data and/or false edges.
 22. The method of claim 1, further comprising: using the microcontroller to determine 1's and 0's by checking the frequency of polarity changes within a bit period.
 21. The method of claim 1, wherein the device electronics includes an analog front-end coupled to a microcontroller, the analog to digital front end being coupled to a processing element in the microcontroller,
 22. The method of claim 1, further comprising; producing a synchronous Manchester encoded stream output jack signal.
 23. The method of claim 1, further comprising: producing an asynchronized stream output jack signal.
 24. The method of claim 1, further comprising: producing an output jack signal at a frequency that the output jack signal appears to look AC to a microphone input of the mobile device.
 25. The method of claim 1, further comprising: producing an output jack signal at a frequency of 2 KHz to 48 kHz.
 26. The method of claim 1, further comprising: capturing card readings at the digital front end that are swept at a rate of 5 inches to 50 inches per second.
 27. The method of claim 1, further comprising: sending sends the output jack signal to the mobile device at a constant baud rate.
 28. The method of claim 27, wherein the constant baud rate is 2400 to 9200 baud.
 29. The method of claim 1, wherein the front end includes, an amplifier/filter, differentiator, a comparator and wake-up electronics.
 30. The method of claim 29, further comprising: using the wake-up electronics to signal the microcontroller, which in turn puts the device electronics into an active mode from a sleep mode, and back into the sleep mode when a card swipe signal stops. 